MS-SQL and PHPMyAdmin Servers Infected with Malware Rootkit

Guardicore Labs security researchers published today a full report on a theft campaign that attacks PHPMyAdmin and MSSQL servers around the globe.

Security researchers named the campaign Nansh0u. The malicious activity is attributed to a Chinese group of APT-style attackers that has infected about 50,000 servers, also installing a kernel rootkit on affected systems.

The attackers gain access by brute-forcing credentials after locating publicly accessible MS-SQL and PHPMyAdmin Windows servers with a single-port scanner.

Easyhack is sharing the Nansh0u campaign IoCs published by the researchers:

The attacker's TRTLCoin wallet address

A PowerShell script made by Guardicore to detect residues of the Nansh0u campaign on a Windows machine

MD5 hashes of the payloads downloaded as part of the attacks

IP addresses of both attackers and connect-backs

Domains of mining pools connected to by the miner malware

The lists of common usernames and passwords used to break into MSSQL servers

I am a Security Analyst, Consultant, Information Security Professional, and Developer.
My company name is Rapidsafeguard. Rapidsafeguard is a security auditing and consulting company. Our company is focusing on VAPT, NAPT and IoT security.
Easyhack's purpose is sharing research, cybersecurity awareness, the latest threats, and cyber attacks.
You can share your research at easyhack.in